I'm running Windows XP with SP3. I've just been running with a light security system because I don't download much, and if I do I usually check it all before I do anything with it - but anyways:
Windows Defender recently alerted me to this; it says it fixed it and had me restart the computer. Since then I've scanned with it one more time and it found it again. I fixed it again and scanned again with Windows Defender and the Malicious Software Removal Tool and nothing's been found. I've also scanned with Avast Anti-rootkit, F-Secure BlackLight, and Avira Anti-rootkit, all of which found nothing. The HijackThis log appears to be clean (nothing I don't recognize/that looks out of place to me) and everything appears to be fine, but how can I make sure I removed this and that my PC is clean? Thanks for any help in advance.

Can you post your HijackThis logs for a second glance? Might have been something you missed.
Got a problem? Give www.support.com a try

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:32 PM, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\PROGRAM FILES\RISING\RAV\RavMon.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\GhostWall\ghostwall.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Returnil\Returnil.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pidgin\pidgin.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft Virtual PC\Virtual PC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\mdm.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Security\Hijack This!\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [GhostWall] "C:\Program Files\GhostWall\ghostwall.exe" -minimize
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Rvsystem] C:\PROGRA~1\Returnil\Returnil.exe
O4 - HKLM\..\Run: [MagicDisc] C:\Program Files\MagicDisc\MagicDisc.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.exe/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...V5Controls/en/x86/client/wuweb_site.cab?1222758645328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...6/V5Controls/en/x86/client/muweb_site.cab?1222813468687
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...ve/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
